- Allow login programs to set ioctl on /proc
This commit is contained in:
parent
ed4ac3da5c
commit
c0aebeb268
@ -6440,7 +6440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
|
||||
+/var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.0.8/policy/modules/services/kerberos.if
|
||||
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-07-03 07:06:27.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-22 07:42:39.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/services/kerberos.if 2007-09-25 10:30:36.000000000 -0400
|
||||
@@ -42,6 +42,10 @@
|
||||
dontaudit $1 krb5_conf_t:file write;
|
||||
dontaudit $1 krb5kdc_conf_t:dir list_dir_perms;
|
||||
@ -10456,7 +10456,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
|
||||
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.0.8/policy/modules/system/authlogin.if
|
||||
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-08-22 07:14:13.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-25 10:18:40.000000000 -0400
|
||||
+++ serefpolicy-3.0.8/policy/modules/system/authlogin.if 2007-09-25 10:32:38.000000000 -0400
|
||||
@@ -26,7 +26,8 @@
|
||||
type $1_chkpwd_t, can_read_shadow_passwords;
|
||||
application_domain($1_chkpwd_t,chkpwd_exec_t)
|
||||
@ -10562,15 +10562,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1,chkpwd_exec_t,system_chkpwd_t)
|
||||
|
||||
@@ -329,6 +356,7 @@
|
||||
@@ -329,6 +356,8 @@
|
||||
|
||||
optional_policy(`
|
||||
kerberos_use($1)
|
||||
+ kerberos_read_keytab($1)
|
||||
+ kerberos_524_connect($1)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
@@ -347,6 +375,37 @@
|
||||
@@ -347,6 +376,37 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -10608,7 +10609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
## Get the attributes of the shadow passwords file.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -695,6 +754,24 @@
|
||||
@@ -695,6 +755,24 @@
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
@ -10633,7 +10634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
## Execute pam programs in the PAM domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
@@ -1318,14 +1395,9 @@
|
||||
@@ -1318,14 +1396,9 @@
|
||||
## </param>
|
||||
#
|
||||
interface(`auth_use_nsswitch',`
|
||||
@ -10648,7 +10649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
files_list_var_lib($1)
|
||||
|
||||
miscfiles_read_certs($1)
|
||||
@@ -1347,6 +1419,8 @@
|
||||
@@ -1347,6 +1420,8 @@
|
||||
|
||||
optional_policy(`
|
||||
samba_stream_connect_winbind($1)
|
||||
@ -10657,7 +10658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
|
||||
')
|
||||
')
|
||||
|
||||
@@ -1381,3 +1455,163 @@
|
||||
@@ -1381,3 +1456,163 @@
|
||||
typeattribute $1 can_write_shadow_passwords;
|
||||
typeattribute $1 can_relabelto_shadow_passwords;
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user